Public bug reported: release: ubuntu 24.04 noble opensc package version: 0.25.0~rc1-1ubuntu0.1~esm1 510 0.25.0~rc1-1build2 both versions are affected. openssl version: 3.0.13-0ubuntu3+Fips1
Sru backport from upstream issue: https://github.com/OpenSC/OpenSC/issues/3495 On Ubuntu24.04 with FIPS enabled, openssl is segfaulting when using the pkcs11-tool -L command to list slots. user1@ubuntu:~$ sudo pkcs11-tool -L Segmentation fault On Ubuntu vm (lxd or qemu) with fips enabled. sudo pro attach <token uuid> sudo pro enable fips-updates sudo apt-get install opensc Reboot vm after logging in again, run the command sudo pkcs11-tool -L and we see the error Segmentation fault. Expected Output Available slots: /usr/bin/pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L Slot 0 (0x0): Gemalto Gemplus USB SmartCard Reader 433-Swap [CCID Interface... token label : John Doe token manufacturer : Common Access Card token model : PKCS#15 emulated token flags : login required, PIN pad present, rng, token initialized, PIN initialized hardware version : 0.0 firmware version : 0.0 serial num : 000058bd002c19b5 pin min/max : 4/8 ** Affects: opensc (Ubuntu) Importance: Medium Assignee: Heather Lemon (hypothetical-lemon) Status: In Progress ** Affects: opensc (Ubuntu Noble) Importance: Undecided Status: New ** Affects: opensc (Ubuntu Plucky) Importance: Undecided Status: New ** Affects: opensc (Ubuntu Questing) Importance: Undecided Status: New ** Affects: opensc (Ubuntu Resolute) Importance: Medium Assignee: Heather Lemon (hypothetical-lemon) Status: In Progress ** Attachment added: "full-bt-output.txt" https://bugs.launchpad.net/bugs/2127205/+attachment/5916651/+files/full-bt-output.txt ** Changed in: opensc (Ubuntu) Assignee: (unassigned) => Heather Lemon (hypothetical-lemon) ** Changed in: opensc (Ubuntu) Status: New => In Progress ** Changed in: opensc (Ubuntu) Importance: Undecided => Medium ** Also affects: opensc (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: opensc (Ubuntu Plucky) Importance: Undecided Status: New ** Also affects: opensc (Ubuntu Questing) Importance: Undecided Status: New ** Also affects: opensc (Ubuntu Resolute) Importance: Medium Assignee: Heather Lemon (hypothetical-lemon) Status: In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2127205 Title: pkcs11-tool is sending null sha-1 digest to Openssl on FIPS enabled ubuntu 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2127205/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
